Create a Secret first:
kubectl create secret generic secret1 --from-literal=password=secret1pass
Get etcd certs paths:
cat /etc/kubernetes/manifests/kube-apiserver.yaml |grep etcd
Check the health of etcd using these certificate paths:
ETCDCTL_API=3 etcdctl endpoint health \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--cert /etc/kubernetes/pki/apiserver-etcd-client.crt \
--key /etc/kubernetes/pki/apiserver-etcd-client.key
You should get the success responce.ETCDCTL_API=3 etcdctl get /registry/secrets/default/secret1 \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--cert /etc/kubernetes/pki/apiserver-etcd-client.crt \
--key /etc/kubernetes/pki/apiserver-etcd-client.key
As you can see, it sometimes is kept in plain text which is security risk.